The sale of zero-day exploits is a prolific business: zero-day broker Zerodium offers rewards of up to $500,000 for FreeBSD, OpenBSD, NetBSD, and Linux zero-days.
The sale of zero-day exploits is a prolific business that most people totally ignore. To better understand its evolution, let’s analyze the offer of the popular exploit broker Zerodium. To get a clear idea of the company’s mission, let’s visit its website.
“ZERODIUM pays premium bounties and rewards to security researchers to acquire their original and previously unreported zero-day research affecting major operating systems, software, and devices.” reads the company’s website. “While the majority of existing bug bounty programs accept almost any kind of vulnerabilities and PoCs but pay very low rewards, at ZERODIUM we focus on high-risk vulnerabilities with fully functional exploits, and we pay the highest rewards on the market.”
Zerodium, like other zero-day brokers, buys zero-days and sells them to government agencies and law enforcement, but many privacy advocates fear that these flaws could be used by surveillance firms that sell their products to authoritarian regimes.
The company is offering rewards of up to $500,000 for zero-day exploits in UNIX-based operating systems, including OpenBSD, FreeBSD, and NetBSD. The same offer applies to exploits developed for popular Linux distros such as Ubuntu, CentOS, Debian, and Tails.
Prices for zero-days vary according to several factors, including the market share of the affected platforms/systems (zero-day exploits for Windows are usually more valuable than Linux ones) and the level of user interaction required to exploit the flaws (no click, one click, two clicks, etc.).
Other factors include the reliability of the zero-day exploit, the number of vulnerabilities that attackers need to chain to exploit the flaw, the success rate, and the OS configuration that is necessary for the exploitation.
The rewards for Linux zero-days continue to increase, a trend already observed since February, when rewards were going as high as $45,000.[…]
To read the original article:
https://securityaffairs.co/wordpress/74050/hacking/zerodium-linux-zero-day-exploits.html